CVE-2024-45464: 
Siemens Tecnomatix Plant Simulation vulnerability analysis and mitigation

CVE-2024-45464 is a vulnerability discovered in multiple versions of Siemens software products, including Teamcenter Visualization (V14.2, V14.3, V2312) and Tecnomatix Plant Simulation (V2302, V2404). The vulnerability was disclosed on October 8, 2024, and involves an out-of-bounds read vulnerability that occurs when parsing specially crafted WRL files (Siemens Advisory, NVD).

The vulnerability is classified as an out-of-bounds read past the end of an allocated structure (CWE-125) that occurs during the parsing of specially crafted WRL files. It has received a CVSS v3.1 Base Score of 7.8 (HIGH) with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, and a CVSS v4.0 Base Score of 7.3 (HIGH) with vector CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (Siemens Advisory).

If successfully exploited, this vulnerability could allow an attacker to execute code in the context of the current process, potentially leading to full system compromise with the same privileges as the application (Siemens Advisory).

Siemens has released security updates for affected products: Teamcenter Visualization V14.2 (update to V14.2.0.14), V14.3 (update to V14.3.0.12), V2312 (update to V2312.0008), and Tecnomatix Plant Simulation V2302 (update to V2302.0016) and V2404 (update to V2404.0005). As a workaround, users are advised not to open untrusted WRL files in affected applications (Siemens Advisory).